VPN Client connected but no ping nor access to private network

Oct 19th, 2008

Hi,

I have a 1802w installed, a VPN client which can connect to the router and a connected L2L connection, which works fine.

On the router I see that the client is connected, but no traffic is passing. In sh crypto ipsec, I see that traffic is decrypted, but no packets are encrypted.

Can anybody point me in the right direction? Attached I have the confs and debugs. Thanks for help in advance.

Erich



ajagadee Sun, 10/19/2008 - 13:10
User Badges: Cisco Employee

Hello Erich,


Can you attach the configuration and debugs? I don't see them attached to the post.


Regards,

Arul

ezy Sun, 10/19/2008 - 19:36

Hi,

Attached the debugs and confs.


Erich




Correct Answer
ajagadee Mon, 10/20/2008 - 06:38
User Badges: Cisco Employee

Erich,


Looking at your configuration, a couple of things:


1. Is this the current running configuration? I see your L2L Tunnel is configured with a match address of 101 but I do not see an ACL 101 defined on the router.


2. Your Split Tunnel needs to be reconfigured. Meaning, the source and destination need to be swapped.


ip access-list extended SplitList
 permit ip 192.168.2.0 0.0.0.255 192.168.111.0 0.0.0.255


Split Tunneling


http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800a393b.shtml#con4


Also, make sure the pool of IP addresses that you are assigning to the clients is not part of a LAN on your side. If so, then you could run into routing issues.


Regards,

Arul


** Please rate all helpful posts **
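The two configuration checks named in the answer above (split-tunnel ACL direction, client pool overlapping a local LAN) can be run over a saved running-config. This is an added example, not code from the thread or from Cisco; it assumes 192.168.2.0/24 is the LAN behind the router and 192.168.111.0/24 holds the client pool, and the group name, pool name, interface and pool range in the sample are hypothetical.

```python
import ipaddress
import re

# Constructed sample config. Only the ACL name SplitList and the two subnets come
# from the thread; VPNCLIENT, VPNPOOL, Vlan1 and the pool range are hypothetical.
SAMPLE_SWAPPED = """\
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
ip local pool VPNPOOL 192.168.111.10 192.168.111.50
crypto isakmp client configuration group VPNCLIENT
 pool VPNPOOL
 acl SplitList
ip access-list extended SplitList
 permit ip 192.168.111.0 0.0.0.255 192.168.2.0 0.0.0.255
"""
SAMPLE_FIXED = SAMPLE_SWAPPED.replace(
    "permit ip 192.168.111.0 0.0.0.255 192.168.2.0 0.0.0.255",
    "permit ip 192.168.2.0 0.0.0.255 192.168.111.0 0.0.0.255")

IP = r"(\d+\.\d+\.\d+\.\d+)"

def _block(config, header):
    """Return the indented lines that follow an exact top-level header line."""
    m = re.search(rf"^{re.escape(header)}\n((?: .*\n?)*)", config, re.M)
    return m.group(1) if m else ""

def lint_split_tunnel(config):
    """Return (group, finding) pairs for the two mistakes named in the answer."""
    lans = [ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in re.findall(rf"^ ip address {IP} {IP}", config, re.M)]
    findings = []
    for group in re.findall(r"^crypto isakmp client configuration group (\S+)", config, re.M):
        body = _block(config, f"crypto isakmp client configuration group {group}")
        pool = re.search(r"^ pool (\S+)", body, re.M)
        acl = re.search(r"^ acl (\S+)", body, re.M)
        rng = pool and re.search(rf"^ip local pool {re.escape(pool.group(1))} {IP} {IP}", config, re.M)
        if not (rng and acl):
            continue  # nothing to compare for this group
        ends = [ipaddress.ip_address(x) for x in rng.groups()]
        if any(e in lan for e in ends for lan in lans):
            findings.append((group, "pool-overlaps-lan"))
            continue  # fix the pool first; the ACL check below assumes a separate pool
        rules = _block(config, f"ip access-list extended {acl.group(1)}")
        # Only 'permit ip <net> <wildcard> <net> <wildcard>' entries are handled here.
        for src, swild, _dst, _dwild in re.findall(rf"^ permit ip {IP} {IP} {IP} {IP}", rules, re.M):
            source = ipaddress.ip_network(f"{src}/{swild}", strict=False)  # wildcard = host mask
            if any(e in source for e in ends):
                findings.append((group, f"split-acl-source-is-client-pool:{source}"))
    return findings
```
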




ezy Mon, 10/20/2008 - 20:25

Hi Arul,

Thanks a lot. It was the split tunnel, I mixed it up somehow.


Regards

Erich
